Cloud computing unified identity authentication method based on SAML and XACML

An identity authentication method for cloud computing, based on SAML and XACML, that addresses the problems of repeated issuance of digital certificates, cumbersome use and repeated authentication. It provides unified identity authentication and management of access control rights, keeps the authentication process safe and stable, and avoids repeated issuance.

Inactive Publication Date: 2017-03-15
JINAN INSPUR HIGH TECH TECH DEV CO LTD

AI Technical Summary

Problems solved by technology

The method is mainly used to solve the problem of user identity authentication and management across many application platforms under cloud computing. Following the SAML and XACML specifications, it centralizes the management of user identity authentication across multiple platforms, so as to avoid repeated issuance of digital certificates, repeated authentication, high user costs, cu...


Examples


Embodiment 1

[0017] As shown in Figure 1, in this method of cloud computing unified identity authentication based on SAML and XACML, the SAML standard is used to define an identity provider (IP: Identity Provider) and a service provider (SP: Service Provider), forming different security domains and enabling the exchange of authentication and authorization data between those domains. XACML is used to implement a general request/response access control policy and a framework for enforcing the authorization policy, so that access control policies are executed in the cloud computing environment. Together these realize the unified identity authentication and permission access control of cloud computing.

[0018] XACML is a general access control policy language for determining request/response decisions and a framework for executing authorization policies. It can be widely used in the distributed environment of cloud computing, mainly for the description of security policies such ...
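An added example (not code from the patent) of the flow in Embodiment 1: the service provider checks a SAML assertion's issuer, validity window and audience, then passes its attributes to a XACML-style decision point that uses deny-overrides combining. The entity IDs, the `role` attribute, the policy rules and all function names are assumptions, and verification of the assertion's XML signature is assumed to have happened before this code runs.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
IDP, SP = "https://idp.example.test", "https://sp.example.test"  # assumed entity IDs
# Constructed assertion. Its XML signature is assumed to be verified already.
ASSERTION = f"""<saml:Assertion xmlns:saml="{NS['saml']}">
 <saml:Issuer>{IDP}</saml:Issuer>
 <saml:Conditions NotBefore="2024-01-01T00:00:00Z" NotOnOrAfter="2024-01-01T00:05:00Z">
  <saml:AudienceRestriction><saml:Audience>{SP}</saml:Audience></saml:AudienceRestriction>
 </saml:Conditions>
 <saml:AttributeStatement><saml:Attribute Name="role">
  <saml:AttributeValue>auditor</saml:AttributeValue></saml:Attribute></saml:AttributeStatement>
</saml:Assertion>"""
# Simplified XACML-style rules as Python dicts (not XACML XML): target and effect.
POLICY = [
    {"effect": "Permit", "role": "auditor", "resource": "logs", "action": "read"},
    {"effect": "Deny", "role": "contractor", "resource": "logs", "action": "read"},
]

def _ts(value):
    # A missing timestamp becomes "" and raises ValueError, which the PEP treats as a denial.
    return datetime.strptime(value or "", "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def subject_attributes(xml_text, now):
    """SP side: check issuer, validity window and audience, then return attributes."""
    root = ET.fromstring(xml_text)  # use a hardened XML parser for untrusted input
    cond = root.find("saml:Conditions", NS)
    if root.findtext("saml:Issuer", namespaces=NS) != IDP or cond is None:
        raise ValueError("untrusted issuer or missing Conditions")
    if not _ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter")):
        raise ValueError("outside validity window")
    if SP not in [a.text for a in cond.iterfind(".//saml:Audience", NS)]:
        raise ValueError("assertion issued for another audience")
    return {a.get("Name"): [v.text for v in a.iterfind("saml:AttributeValue", NS)]
            for a in root.iterfind("saml:AttributeStatement/saml:Attribute", NS)}

def pdp_decide(attrs, resource, action, policy=POLICY):
    """PDP with deny-overrides combining: any matching Deny beats any Permit."""
    effects = {r["effect"] for r in policy if r["role"] in attrs.get("role", [])
               and (r["resource"], r["action"]) == (resource, action)}
    return "Deny" if "Deny" in effects else "Permit" if "Permit" in effects else "NotApplicable"

def pep_authorize(xml_text, resource, action, now):
    """PEP: fail closed, so only an explicit Permit grants access."""
    try:
        attrs = subject_attributes(xml_text, now)
    except (ValueError, ET.ParseError):
        return False
    return pdp_decide(attrs, resource, action) == "Permit"
```

The enforcement point treats `NotApplicable`, an expired or mis-addressed assertion, and unparseable XML the same way: access is refused.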

Embodiment 2

[0020] On the basis of Embodiment 1, the method described in this embodiment forms a standard SAML request by integrating functions such as SAML construction, parsing, signature, and encryption. The client then sends the SAML request to the server, and the server returns a SAML response.

[0021] Data is transmitted in an XML format conforming to the SAML specification. SAML relies on comprehensive security standards such as SSL and X.509 to protect the communication between the SAML source site and the target site. All communications between the source and destination sites are encrypted, and digital certificates are used to ensure that both sites participating in the SAML interaction can verify each other's identities.

Embodiment 3

[0023] On the basis of Embodiment 1 or 2, the SAML request described in this embodiment uses an X.509 certificate implemented with domestic encryption technology, replacing the original international public algorithms such as RSA. An XML Signature (XMLSignature) element is defined in SAML to identify the certification center; this element contains an X.509 certificate, based on a domestic cryptographic algorithm, with a public key, expiration date and usage policy. The XML signature also contains the signature value itself, which is generated by the certificate authority over the element content. The signature can be verified using the authority's public key information in the X.509 certificate. This ensures the security, validity and integrity of the information.


Abstract

The invention discloses a cloud computing unified identity authentication method based on SAML and XACML. In the method, an identity provider and a service provider are defined using the SAML standard so that different security domains are formed and authentication and authorization data can be exchanged between them. In addition, XACML is used to implement a general request/response access control policy and a framework for enforcing the authorization policy, so that access control policies are executed in the cloud computing environment and unified identity authentication and permission access control of cloud computing are realized. The method effectively solves the problem of managing unified identity authentication and access control rights across multiple application platforms under cloud computing.

Description

Technical field

[0001] The invention relates to the technical fields of cloud computing, identity authentication and access control, in particular to a unified identity authentication method for cloud computing based on SAML and XACML.

Background technology

[0002] After several years of brewing and development, cloud computing has become the focus of the current industry and even the whole society. The era of cloud computing is widely regarded by the industry as the third IT wave after the PC and the Internet.

[0003] The high performance, low cost, and high reliability of cloud computing can greatly improve the utilization of IT resources. Cloud computing technology has also become the core of the new generation of information technology transformation and business application model transformation. Core applications are moving from traditional IT architecture to cloud computing architecture.

[0004] Applying cloud computing technology and concepts to...


Application Information

IPC(8): H04L29/06, H04L29/08, H04L9/32
CPC: H04L63/0892, H04L9/3247, H04L63/0823, H04L63/10, H04L67/10
Inventor: 王金超, 于治楼, 罗清彩
Owner: JINAN INSPUR HIGH TECH TECH DEV CO LTD